How safe is it to perform authentication in the client side

I’m developing an app which is kind of like a forum. Users can post comment. A comment can be edited by only the owner of the comment. For doing this

the logic is

if(Meteor.userId() === comment.userId) {
forum.comment = updatedComment‘update-forum’, forum)

Is it safe what I’m doing here? Should I shift the authentication logic to the server side?

It’s fine but remember to make a double check on the server.

I’m checking if the user is authenticated at the server side, but is it necessary that I make this particular check again in the server, i.e Meteor.userId() === comment.userId?

Yes, you need to check it again in server.

1 Like